Almost half of healthcare organizations conduct annual security risk assessments to gauge their vulnerability to cyberthreats, according to the 2018 HIMSS Cybersecurity Survey.

For the survey, HIMSS — the Healthcare Information and Management Systems Society — asked 239 health information security professionals to weigh in on their experiences with and attitude toward cybersecurity in their respective organizations.

Here are four survey findings related to how healthcare organizations address information security.

1. The plurality of respondents (45.5 percent) indicated they undergo security risk assessments once a year. Only 9.6 percent of health information security professionals selected the next most common response — conducting daily security risk assessments.

2. When asked what security framework their organization has adopted, the majority of respondents cited the National Institute of Standards and Technology.

NIST: 57.9 percent

HITRUST: 26.4 percent

Critical Security Controls: 24.7 percent

3. There's no uniform source of cyberthreat intelligence, according to the survey respondents, although the majority consider word-of-mouth information from peers a key resource.

Peers: 68.6 percent

U.S. Computer Emergency Readiness Team: 60 percent

HIMSS resources: 53.8 percent

4. More than half of respondents cited lack of appropriate cybersecurity personnel as one of the biggest barriers to remediating and mitigating cybersecurity incidents.
